55997319dff18bdb6248275d868c3ed3d7af1567fa2bcad346a2471a1ec5646a

Sharing

Copy URL Twitter E-mail

General

Target

55997319dff18bdb6248275d868c3ed3d7af1567fa2bcad346a2471a1ec5646a
Size

2.4MB
MD5

a1f97acc4c660a07882216a3641d59aa
SHA1

0218fecbde800948c3905327a23e825644d81ada
SHA256

55997319dff18bdb6248275d868c3ed3d7af1567fa2bcad346a2471a1ec5646a
SHA512

a0b44cef7ef5fb3f3d7733a559d3227ae6039ee2372804636c5c49fc47f7d29513266acf5250080800593af640bc301836e708f9d1a0d55c71c9fbe9394247e1
SSDEEP

49152:xQWWWWWWWWWWWWWWWWWWWWWWCWWWWWWWWWWWWWWWWWWWWWW4BEDXXzFAvE83W6Wj:uWWWWWWWWWWWWWWWWWWWWWWCWWWWWWW+

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

55997319dff18bdb6248275d868c3ed3d7af1567fa2bcad346a2471a1ec5646a
.exe windows x86

0f47b5a921910203070751312d93b15b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutUnprepareHeader

ws2_32

WSACleanup

rasapi32

RasGetConnectStatusA

kernel32

GetTimeZoneInformation
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

wsprintfA
MessageBoxA

gdi32

Escape

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

StgCreateDocfileOnILockBytes

oleaut32

SafeArrayAccessData

comctl32

ImageList_GetIcon

oledlg

ord8

wininet

InternetCanonicalizeUrlA

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 905KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f47b5a921910203070751312d93b15b

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 905KB

.rdata Size: - Virtual size: 7.0MB

.data Size: - Virtual size: 366KB

.rsrc Size: 232KB - Virtual size: 246KB

.vmp0 Size: - Virtual size: 212KB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 4KB - Virtual size: 196B

.text
Size: - Virtual size: 905KB

.rdata
Size: - Virtual size: 7.0MB

.data
Size: - Virtual size: 366KB

.rsrc
Size: 232KB - Virtual size: 246KB

.vmp0
Size: - Virtual size: 212KB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 4KB - Virtual size: 196B